From ea712b7434def7542203a092291be55d71fb3791 Mon Sep 17 00:00:00 2001 From: Lee Hinman <57081003+leehinman@users.noreply.github.com> Date: Sun, 23 Aug 2020 19:59:31 -0500 Subject: [PATCH] [Auditbeat] upgrade to go-libaudit 2.0.2 (#20695) (#20711) * upgrade to go-libaudit 2.0.2 - changes network.direction to use ECS recommended values of inbound & outbound Closes #12445 (cherry picked from commit 98d39257223b873316632dc596d18614b87eeec8) --- CHANGELOG.next.asciidoc | 1 + NOTICE.txt | 35 ++--------------------- auditbeat/module/auditd/_meta/accept.json | 4 +-- auditbeat/module/auditd/_meta/data.json | 4 +-- go.mod | 2 +- go.sum | 5 ++-- 6 files changed, 10 insertions(+), 41 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 6da32b75814..00a3647657b 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -30,6 +30,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d *Auditbeat* +- Change network.direction values to ECS recommended values (inbound, outbound). {issue}12445[12445] {pull}20695[20695] *Filebeat* diff --git a/NOTICE.txt b/NOTICE.txt index af26bd4244f..e3b25a090a0 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -6147,11 +6147,11 @@ Contents of probable licence file $GOMODCACHE/github.com/elastic/go-concert@v0.0 -------------------------------------------------------------------------------- Dependency : github.com/elastic/go-libaudit/v2 -Version: v2.0.1 +Version: v2.0.2 Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/elastic/go-libaudit/v2@v2.0.1/LICENSE.txt: +Contents of probable licence file $GOMODCACHE/github.com/elastic/go-libaudit/v2@v2.0.2/LICENSE.txt: Apache License 
@@ -19410,37 +19410,6 @@ SOFTWARE. --------------------------------------------------------------------------------- -Dependency : github.com/Sirupsen/logrus -Version: v1.0.1-0.20170608221441-85b1699d5056 -Licence type (autodetected): MIT --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/!sirupsen/logrus@v1.0.1-0.20170608221441-85b1699d5056/LICENSE: - -The MIT License (MIT) - -Copyright (c) 2014 Simon Eskildsen - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -THE SOFTWARE. - - -------------------------------------------------------------------------------- Dependency : github.com/akavel/rsrc Version: v0.8.0 diff --git a/auditbeat/module/auditd/_meta/accept.json b/auditbeat/module/auditd/_meta/accept.json index 7d300556af3..2ec04e0226c 100644 --- a/auditbeat/module/auditd/_meta/accept.json +++ b/auditbeat/module/auditd/_meta/accept.json 
@@ -38,7 +38,7 @@
 "module": "auditd"
 },
 "network": {
- "direction": "incoming"
+ "direction": "inbound"
 },
 "process": {
 "executable": "/usr/sbin/sshd",
@@ -92,4 +92,4 @@
 "name": "root"
 }
 }
-}
\ No newline at end of file
+}
diff --git a/auditbeat/module/auditd/_meta/data.json b/auditbeat/module/auditd/_meta/data.json
index 7dccb3a6e1b..906fef698ed 100644
--- a/auditbeat/module/auditd/_meta/data.json
+++ b/auditbeat/module/auditd/_meta/data.json
@@ -36,7 +36,7 @@
 ]
 },
 "network": {
- "direction": "incoming"
+ "direction": "inbound"
 },
 "process": {
 "executable": "/usr/sbin/sshd",
@@ -55,4 +55,4 @@
 "id": "0",
 "name": "root"
 }
-}
\ No newline at end of file
+}
diff --git a/go.mod b/go.mod
index da37584e05b..2273426b2a0 100644
--- a/go.mod
+++ b/go.mod
@@ -60,7 +60,7 @@ require (
 github.com/elastic/ecs v1.5.0
 github.com/elastic/elastic-agent-client/v7 v7.0.0-20200709172729-d43b7ad5833a
 github.com/elastic/go-concert v0.0.3
- github.com/elastic/go-libaudit/v2 v2.0.1
+ github.com/elastic/go-libaudit/v2 v2.0.2
 github.com/elastic/go-licenser v0.3.1
 github.com/elastic/go-lookslike v0.3.0
 github.com/elastic/go-lumber v0.1.0
diff --git a/go.sum b/go.sum
index a5b5e0886c1..f3009d79b54 100644
--- a/go.sum
+++ b/go.sum
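Review bot: The `"direction": "inbound"` line in the accept.json hunk at -38,7 (and the identical hunk in data.json at -36,7) is the only place this patch pins the new `network.direction` value, and both fixtures cover only the inbound case. The mapping itself lives in the bumped go-libaudit dependency and is not visible here, so the outbound value is asserted by the changelog alone; a second golden event for an outgoing connection would pin it. The replaced value is also not named outside these two removed lines. That matters for detection content: a saved search, dashboard filter or alert rule matching `network.direction: incoming` will stop matching events from upgraded agents without raising any error, and a partly upgraded fleet will emit both spellings. I would name the old value in the changelog entry so operators can search their rules for it, for example `- Change network.direction values to ECS recommended values (inbound, outbound); the previous value incoming is no longer emitted. {issue}12445[12445] {pull}20695[20695]`.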
@@ -87,7 +87,6 @@ github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbt github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/Shopify/toxiproxy v2.1.4+incompatible h1:TKdv8HiTLgE5wdJuEML90aBgNWsokNbMijUGhmcoBJc= github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= -github.com/Sirupsen/logrus v1.0.1-0.20170608221441-85b1699d5056/go.mod h1:rmk17hk6i8ZSAJkSDa7nOxamrG+SP4P0mm+DAvExv4U= github.com/StackExchange/wmi v0.0.0-20170221213301-9f32b5905fd6 h1:2Gl9Tray0NEjP9KC0FjdGWlszbmTIsBP3JYzgyFdL4E= github.com/StackExchange/wmi v0.0.0-20170221213301-9f32b5905fd6/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg= github.com/adriansr/fsnotify v0.0.0-20180417234312-c9bbe1f46f1d h1:g0M6kedfjDpyAAuxqBvJzMNjFzlrQ7Av6LCDFqWierk= @@ -232,8 +231,8 @@ github.com/elastic/fsevents v0.0.0-20181029231046-e1d381a4d270 h1:cWPqxlPtir4RoQ github.com/elastic/fsevents v0.0.0-20181029231046-e1d381a4d270/go.mod h1:Msl1pdboCbArMF/nSCDUXgQuWTeoMmE/z8607X+k7ng= github.com/elastic/go-concert v0.0.3 h1:f0F4WOi8tBOFIgwA7YbHRQ+Ok8vR+/qFrG7vYvbpX5Q= github.com/elastic/go-concert v0.0.3/go.mod h1:9MtFarjXroUgmm0m6HY3NSe1XiKhdktiNRRj9hWvIaM= -github.com/elastic/go-libaudit/v2 v2.0.1 h1:5xcgkgNTIUA6XO6C3Q6P7TZlnDgxrZUWmO2NG3enBXQ= -github.com/elastic/go-libaudit/v2 v2.0.1/go.mod h1:u100Al3gXDlDelEutZ0CZ6BMM+LsRFqdi7kzdrn6g7o= +github.com/elastic/go-libaudit/v2 v2.0.2 h1:g83cmsDT0V4Aa6WuuGI9L6WC4fpo2zZjLwOlqBkSna4= +github.com/elastic/go-libaudit/v2 v2.0.2/go.mod h1:MM/l/4xV7ilcl+cIblL8Zn448J7RZaDwgNLE4gNKYPg= github.com/elastic/go-licenser v0.3.1 h1:RmRukU/JUmts+rpexAw0Fvt2ly7VVu6mw8z4HrEzObU= github.com/elastic/go-licenser v0.3.1/go.mod h1:D8eNQk70FOCVBl3smCGQt/lv7meBeQno2eI1S5apiHQ= github.com/elastic/go-lookslike v0.3.0 h1:HDI/DQ65V85ZqM7D/sbxcK2wFFnh3+7iFvBk2v2FTHs=